OCT 01 ^003 5:06PM IP STRfiTEGIES, P-C. 703-248^9244 

Application No. 10/060,039 Page 8 

Amendment: 09.30.2003 

Responsive to Office Action: 07.16.2003 

REMARKS 

Claims 1-30 were pending in the Application, Claims 1-12 are herein canceled 
without prejudice or disclaimer to the subject matter recited therein. Claims 1 3-30 are 
now pending in the Application. Claims 13, 19, and 25 are the independent claims. 

Claim Reiections - 35 USC S102 

In the Office Action, the Examiner rejected clauns 1-6 under 35 USC §102 as 
being anticipated by Gullman et al. USPN 5^280,527 C'GuUman'*). 

The Applicants have canceled claims 1-6. Thus, this rejection is now moot 

Claim Rejections - 35 USC S103 

In the Office Action, the Examiner rejected clauns 7-30 as bemg unpatentable 
over Gulhnan in view of Gennaro et al USPN 6,3 1 7,834 ("Gennaro"). 

Claims 1-12 are herein canceled. Therefore, this rejection of claims 7-12 is now 

moot 

Claims .13, 19, and 25 (the remaining independent claims) have been amended so 
as to expressly recite respective acts of "combining" at least two different fector-based 
values to form a ciyptographic key. 

Amended claim 1 3 now recites the following act: 

"combining the first cryptographic key, the possession value, and the biometiic value to 

fonn a second ciyptographic key " 

Amended claims 19 and 25 now lecite the following act: 
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"combining the possession-based data instance and the biometTic ^'alue to fomi a 
cryptographic key." 

It is respectfully submitted that neither Gullman nor Gennaro (independently or in 
combination) teach or suggest, expressly or implicitly, an act of combining at least two 
diSh'ent factor-based values to form a cryptographic key. 

Gulhnan teaches that biometric information can be provided as input for a device, 
which then generates a security token based on the biometric information (2:21-23, 
Gullman) and either time-varying information or a user-input challenge code (2:40-44, 
Gullman). In particular, Gullman expressly teaches the definition of a security token, 
which is clearly not a cryptographic key: 

^\.,A security token is a non-predictable code derived from a privabo key, e.g. a imique 
fixed value, and a public key, e.g. a time varying value. For example, a pass word (fixed key) is 
encoded based upon time-variant infcmnation. Such token then is forwarded to the host which 
decodes the token back to a password. The token thus provides seciuiQr during transmission to 
prevent the unique fixed value from being identified. Even if a petpetrator ii itercepts a token 
during transmission* reapplication of the intercepted token will not enable ai:cess to the host 
system because the tune-varying "public key" will have changed. Thus, a PI provides user 
identification, while a token provides transmission security." (1 :32-45, Gullman) 

Thus, Gullman defines a security token as a non-predictable code derived from a 
private key. In his example, a password is encrypted (encoded) with time-variant 
information, and thereafter forwarded to a host, which then decrypts (decodes) the token 
back to the password. Indeed, Gulhnan stresses that the purpose of a security token is to 
provide security during transmission to prevent the unique fixed value B om being 
identified. 
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In contrast, claims 13, 19, and 25 expressly recite the combining of different 
factor-based values to form a cryptographic key, which is not a sccurit)^ token as 
specifically and unequivocally defined by Gullman. Indeed, the security token of 
Oulbnan is not a cryptographic key. 

On the other hand, Gennaro teaches that a cryptographic key cm be generated 
fi-om a password, or from a random combination of answers provided by a user during a 
challenge/response session (See 1:67-2:5 and 2:27-2:31, Gemiaro). Clearly, generating a 
cryptographic key fix>m a password, which is a single data element, do-^s not qualify as 
generating a key from at least two different factor-based values. And finther, generating 
a key firom multiple answers to challenge questions does not qualify eitlier. Indeed, the 
multiple answers of Gennaro are of the same type (i.e., knowledge-based values). They 
are all knowledge-based values, not different factor-based values. 

Therefore, neither Gullman nor Gennaro teach or suggest, expressly or implicitly, 
combining at least two different factor-based values to form a crvptoigraphic key . 

Fxuther, combining the teachings of Gullman and Germaro wovJd not produce an 
act of combming at least two diflEerent factor-based values to form a cryptographic key. 
As noted above, Gullman teaches generating a security token (an cnaypted password) 
based on biometdc information, and either time-varying information or a user-input 
challmge code; and Gennaro teaches a cryptograj^c key formed from, either a single 
value, or multiple values of the same type. 

Thus, if one were to combine the teachings of Gullman with those of Geimaro, the 
result would be as follows: a cryptographic key formed from a single value, or from 
multiple values of the same type, with the cryptographic key then being encrypted for 
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transit by either time-vaiying infonnation or a user-input challenge code. Unequivocally, 
this result does not qualify as combining at least two different factor-based values to 
form a cryptographic key . 

Therefore, it is respectfully submitted that claims 13,19, and 2:5 are palentably 
distinguishable over the cited prior ait, and are now in condition for allowance. Thus, it 
is requested that this rejection now be withdrawn, and these claims passed to issue. 

Further, for at least the reasons set forth above, claims 14-18, wliich depend from 
claim 13; claims 20-24, which depend from claim 19; and claims 26-30, which depend 
from claim 25 are patentably distinguishable over the cited prior art, and are now in 
condition for allowance. Therefore, it is respectfully submitted that this rejection be 
withdrawn, and these claims passed to issue. 
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REQUESTED ACTION 

The Applicants would like to thank the Examiner for his time and efforts during 
the September 25, 2003 interview, during vdiich the undersigned and Ibcaminer discussed 
distinctions between the claimed invention and the prior art. 

The Applicant respectfidly requests entry of the foregoing amendment, and 
withdrawal of the rejections for at least the foregomg reasons. Further, as the Applicants 
respectfully submit that claims 13-30 are patentably distinguishable over the prior art» 
and in condition for allowance, the Applicants respectfully request that claims 13-30 be 
passed to issue. 

If the Examiner has any questions, or believes prosecution can be expedited; he is 
invited to telephone the undersigned counsel. 



September 30. 2003 
Date 
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